CVE-2011-1024 — Openldap vulnerability

CWE-26418 documents8 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 52.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Debian Openldap

Timeline

PublishedMar 20

Latest updateMay 17

Description

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/openldap< openldap 2.4.25-1 (bookworm)

▶Debianopenldap/openldap< 2.4.25-1+3

▶NVDopenldap/openldap18 versions+17

Patches

Patch: www.openldap.org ↗Patch: www.openldap.org ↗Patch: www.openldap.org ↗

🔴Vulnerability Details

GHSA

GHSA-v9w5-g35w-fmjv: chain↗2022-05-17

▶

OSV

CVE-2011-1024: chain↗2011-03-20

▶

💥Exploits & PoCs

Exploit-DB

CTEK SkyRouter 4200/4300 - Command Execution (Metasploit)↗2011-11-30

▶

Exploit-DB

PolicyKit polkit-1 < 0.101 - Local Privilege Escalation↗2011-10-05

▶

Exploit-DB

Simple HTTPd 1.42 - Denial of Servive↗2011-08-12

▶

Exploit-DB

Sunway ForceControl 6.1 - Multiple Heap Buffer Overflow Vulnerabilities↗2011-06-17

▶

Exploit-DB

iPhone4 FTP Server 1.0 - Empty CWD-RETR Remote Crash↗2011-05-31

▶

📋Vendor Advisories

Ubuntu

OpenLDAP vulnerabilities↗2011-03-31

▶

Debian

CVE-2011-1024: openldap - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave config...↗2011

▶

Red Hat

openldap: forwarded bind failure messages cause success↗2010-07-28

▶

💬Community

Bugzilla

CVE-2011-1024 openldap: forwarded bind failure messages cause success↗2011-02-25

▶

Bugzilla

CVE-2011-1024 CVE-2011-1025 openldap various flaws [fedora-all]↗2011-02-25

▶

Bugzilla

CVE-2011-0719 Samba unsafe fd_set usage↗2011-02-17

▶